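# Download and unpack Logstash, then expose it under a version-independent path.
# HTTPS protects the transfer only: compare the archive with the checksum the
# vendor publishes before unpacking it from a root shell.
# NOTE(review): Logstash 2.4.0 dates from 2016 and no longer receives fixes;
# treat the version as an example and install a maintained release.
[root@ELK-node1 tools]# wget https://download.elastic.co/logstash/logstash/logstash-2.4.0.tar.gz
[root@ELK-node1 tools]# tar zxf logstash-2.4.0.tar.gz
[root@ELK-node1 tools]# mv logstash-2.4.0 /byrd/service/
# The symlink keeps /usr/local/logstash stable, so an upgrade only repoints the link.
[root@ELK-node1 tools]# ln -s /byrd/service/logstash-2.4.0 /usr/local/logstash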
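# Smoke test: read events from stdin and print them to stdout with the default codec.
# The prompt shows a root shell; a stdin/stdout test does not need it, and a
# long-running pipeline is better run under a dedicated unprivileged account
# that has read access to the log files it collects.
[root@ELK-node1 ~]# /usr/local/logstash/bin/logstash -e 'input { stdin{} } output { stdout{} }'
heabc
Settings: Default pipeline workers: 4
Pipeline main started
2016-09-25T07:51:48.961Z ELK-node1.log.t4x.org heabc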
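# Same smoke test with the rubydebug codec, which prints every field of the
# event (message, @version, @timestamp, host) instead of a single line.
[root@ELK-node1 ~]# /usr/local/logstash/bin/logstash -e 'input { stdin{} } output { stdout{codec => rubydebug} }'
hello,world
Settings: Default pipeline workers: 4
Pipeline main started
{
       "message" => "hello,world",
      "@version" => "1",
    "@timestamp" => "2016-09-25T07:49:43.812Z",
          "host" => "ELK-node1.log.t4x.org"
}
Pipeline main has been shutdown
stopping pipeline {:id=>"main"}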
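[root@ELK-node1 ~]# cat /etc/logstash.conf
# Ship the local syslog file straight to Elasticsearch, one index per day.
input {
  file {
    path => "/var/log/messages"
  }
}
output {
  elasticsearch {
    # No user/password or ssl settings are given, so events travel over plain
    # HTTP and the node presumably accepts unauthenticated writes. Keep
    # 1.1.1.117:9200 reachable only from the Logstash hosts (bind address,
    # firewall), or set this plugin's user/password and ssl/cacert options
    # when the cluster enforces authentication and TLS.
    hosts => ["1.1.1.117:9200"]
    index => "messages-%{+YYYY.MM.dd}"
  }
}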
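[root@ELK-node1 ~]# cat /etc/logstash.conf
# Shipper: tail the local syslog file and push each event onto a Redis list
# that acts as the queue between the shipper and the indexer.
input {
  file {
    path => "/var/log/messages"
  }
}
output {
  redis {
    data_type => "list"
    # key and db must match the redis input on the indexer side.
    key => "system-messages"
    host => "1.1.1.120"
    # The Redis password is stored in clear text and "abc123" is trivially
    # guessable: use a long random secret and make /etc/logstash.conf readable
    # only by the account that runs Logstash.
    # Nothing in this block enables TLS, so the password and the queued log
    # events cross the network unencrypted; keep 1.1.1.120:6379 on a trusted
    # segment reachable only from the Logstash hosts.
    password => "abc123"
    port => "6379"
    db => "1"
  }
}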
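[root@ELK-node2 init.d]# cat /etc/logstash.conf
# Indexer: pop syslog events from the Redis list and index them into
# Elasticsearch, one index per day.
input {
  redis {
    data_type => "list"
    # key and db must match the redis output on the shipper side.
    key => "system-messages"
    host => "1.1.1.120"
    # Clear-text, easily guessed Redis password: replace it with a long random
    # secret and restrict read access to this file. No TLS is configured, so
    # the connection to 1.1.1.120:6379 should stay on a trusted network.
    password => "abc123"
    port => "6379"
    db => "1"
  }
}
output {
  elasticsearch {
    # No credentials or ssl settings: restrict access to 1.1.1.117:9200 to the
    # indexer host, or configure user/password and ssl/cacert on this output
    # when the cluster enforces authentication and TLS.
    hosts => ["1.1.1.117:9200"]
    index => "sys-messages-%{+YYYY.MM.dd}"
  }
}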
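[root@ELK-node1 tools]# cat /etc/logstash.conf
# Shipper: read the nginx access log as JSON and queue the events in Redis.
input {
  file {
    path => "/var/log/nginx/access.log"
    # The json codec expects nginx to write one JSON object per line. Request
    # fields such as the URI and user agent are client-controlled; the nginx
    # log_format is not shown here, so confirm that it escapes them (newer
    # nginx releases accept escape=json in log_format). Lines that fail to
    # parse are kept as plain text and tagged _jsonparsefailure, which is
    # worth monitoring.
    codec => "json"
  }
}
output {
  redis {
    data_type => "list"
    # key and db must match the redis input on the indexer side.
    key => "nginx-access-log"
    host => "1.1.1.120"
    # Clear-text, easily guessed Redis password: use a long random secret and
    # keep this file readable only by the Logstash account. The connection is
    # not encrypted, so limit 1.1.1.120:6379 to a trusted network.
    password => "abc123"
    port => "6379"
    db => "2"
  }
}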
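[root@ELK-node2 ~]# cat /etc/logstash.conf
# Indexer: pop nginx access-log events from Redis and index them into
# Elasticsearch, one index per day.
input {
  redis {
    data_type => "list"
    # key and db must match the redis output on the shipper side.
    key => "nginx-access-log"
    host => "1.1.1.120"
    # The password sits in clear text in this file and is sent over an
    # unencrypted connection: choose a strong secret, restrict read access to
    # the file, and keep Redis off untrusted networks.
    password => "abc123"
    port => "6379"
    db => "2"
  }
}
output {
  elasticsearch {
    # Events originate from web requests, so field values are client-influenced
    # by the time they are indexed. The output has no credentials or ssl
    # settings: limit access to 1.1.1.117:9200 to this host, or set
    # user/password and ssl/cacert when the cluster enforces security.
    hosts => ["1.1.1.117:9200"]
    index => "nginx-access-log-%{+YYYY.MM.dd}"
  }
}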